Yahoo, Gmail passwords also phished in far-reaching scam

Users of Gmail and Yahoo have joined Hotmail as victims in what appears to be a large-scale webmail phishing campaign designed to steal login credentials.

On Monday, Microsoft admitted that "several thousand" credentials belonging to its Windows Live Hotmail customers were leaked to a third-party website, the result of a phishing scam. The site, PasteBin, commonly used by developers to share code snippets, has since taken down the list.

But that wasn't the extent of the attack. In a report Tuesday, BBC News said it reviewed two lists that also contained the hijacked usernames and passwords of Yahoo and Gmail users.

When Google learned of the scheme, it reset the passwords on "a small number of affected accounts," a company spokesman told SCMagazineUS.com Monday in an email.

"We encourage users to be very careful when asked to share your personal information," he said. "If you suspect that your account has been compromised, we encourage you to immediately change your password."

Yahoo, in a statement, said it was aware of a "limited" number of impacted members.

"Online scams and phishing attacks are an ongoing and industrywide issue, and Yahoo takes great effort to protect our users' security," the company said.

In the case of the Hotmail compromise, 9,843 valid usernames and passwords were posted to PasteBin, which currently is offline. Bogdan Calin, a researcher with Acunetix, a web application security firm, obtained a copy of the list before it was removed, and he determined that the scam likely targeted Latinos.

Calin found that the most common password on the list was "123456," which appeared 64 times, compared to the next most popular, "123456789," which appeared 18 times. "Alejandra" was the third most common password (11 times), while "Alberto," "Alejandro" and "Tequiero" were tied for fifth most popular -- each used nine times.
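The frequency count Calin performed is easy to reproduce, and the same list can be used to measure how much of a dump a basic password policy would have rejected. The following is an added example, not code from the article or from Acunetix: it parses a constructed `username:password` dump (the names and passwords are invented, not the real PasteBin list), reports the most common passwords, and checks each one against a small constructed blocklist plus a minimum-length rule of the kind a webmail provider could enforce at signup.

```python
from collections import Counter

# Constructed sample dump in "username:password" form. These are invented
# entries, not the real list that was posted to PasteBin.
SAMPLE_DUMP = """\
ana.lopez@example.com:123456
carlos.ruiz@example.com:123456
maria.gomez@example.com:123456789
jose.perez@example.com:alejandra
luis.diaz@example.com:tequiero
sofia.mora@example.com:123456
pedro.vega@example.com:Alberto
laura.cruz@example.com:alejandro
diego.rios@example.com:123456
elena.soto@example.com:Xk7$pq2!vLm9
"""

# Small constructed blocklist standing in for a real common-password list;
# a production check would use a much larger list of known-leaked passwords.
COMMON_PASSWORDS = {"123456", "123456789", "password", "qwerty",
                    "alejandra", "alberto", "alejandro", "tequiero"}


def parse_dump(text):
    """Split username:password lines, skipping blank or malformed ones."""
    creds = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        user, _, pw = line.partition(":")  # only the first colon separates the fields
        creds.append((user, pw))
    return creds


def password_frequencies(creds, top_n=5):
    """Return the top_n most common passwords with their counts."""
    return Counter(pw for _, pw in creds).most_common(top_n)


def is_weak(pw, min_len=8):
    """Reject a password that is on the blocklist (case-insensitive) or too short."""
    return pw.lower() in COMMON_PASSWORDS or len(pw) < min_len


def weak_share(creds):
    """Fraction of accounts in the dump whose password fails the policy."""
    if not creds:
        return 0.0
    weak = sum(1 for _, pw in creds if is_weak(pw))
    return weak / len(creds)


if __name__ == "__main__":
    creds = parse_dump(SAMPLE_DUMP)
    for pw, n in password_frequencies(creds):
        print(f"{pw!r}: {n}")
    print(f"accounts failing policy: {weak_share(creds):.0%}")
```

The blocklist comparison is case-insensitive on purpose: "Alberto" and "alberto" are the same guess to an attacker, so a policy that only matches exact strings lets trivially capitalised variants through.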

Volunteer handler Adrien de Beaupre, in a post Tuesday on the SANS Internet Storm Center, suggested that users change their passwords regularly, avoid clicking on links in emails, and not reuse the same password across multiple sites.

Jeff Burstein, senior product manager at VeriSign, said it is unclear how all of the major webmail providers were targeted, or what the orchestrators' motive was.

But the incident should force email providers and end-users to consider additional forms of authentication, he told SCMagazineUS.com on Tuesday.

"So many passwords are getting compromised," Burstein said.